High-Severity Security Flaws Discovered in Progress Software’s LoadMaster
February 11, 2025
By Ravie Lakshmanan
A set of high-severity security flaws has been identified in Progress Software’s LoadMaster application delivery controller (ADC) and load balancer. These vulnerabilities, which were disclosed by the National Vulnerability Database (NVD), could be exploited by malicious actors to execute arbitrary system commands or download any file from the system.
What’s at Stake?
Kemp LoadMaster is a high-performance ADC and load balancer that provides availability, scalability, performance, and security for business-critical applications and websites. The identified vulnerabilities, which have a CVSS score of 8.4, are listed below:
- CVE-2024-56131: Improper input validation vulnerability that allows remote malicious actors to execute arbitrary system commands via a carefully crafted HTTP request.
- CVE-2024-56132: Improper input validation vulnerability that allows remote malicious actors to download the content of any file on the system via a carefully crafted HTTP request.
- CVE-2024-56133: Improper input validation vulnerability that allows remote malicious actors to execute arbitrary system commands via a carefully crafted HTTP request.
- CVE-2024-56134: Improper input validation vulnerability that allows remote malicious actors to download the content of any file on the system via a carefully crafted HTTP request.
- CVE-2024-56135: Improper input validation vulnerability that allows remote malicious actors to execute arbitrary system commands via a carefully crafted HTTP request.
Affected Versions
The following versions of the software are affected by the flaws:
- LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive) – Fixed in 7.2.61.0 (GA)
- LoadMaster versions from 7.2.49.0 to 7.2.54.12 (inclusive) – Fixed in 7.2.54.13 (LTSF)
- LoadMaster version 7.2.48.12 and prior – Upgrade to LTSF or GA
- Multi-Tenant LoadMaster version 7.1.35.12 and prior – Fixed in 7.1.35.13 (GA)
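As an added example (not from Progress Software or the original article), the Python check below applies the version ranges listed above to a device inventory. The product keys, host names and inventory rows are constructed for illustration.

```python
# Added example: ranges transcribed from the "Affected Versions" list on this page.
# Product keys, host names and the inventory rows are constructed for illustration.

def parse(version):
    """Turn '7.2.54.12' into (7, 2, 54, 12) so components compare numerically."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four numeric components: {version!r}")
    return parts

# (lowest affected, or None for "and prior"; highest affected; remediation from the page)
AFFECTED = {
    "loadmaster": [
        (None, "7.2.48.12", "Upgrade to LTSF or GA"),
        ("7.2.49.0", "7.2.54.12", "7.2.54.13 (LTSF)"),
        ("7.2.55.0", "7.2.60.1", "7.2.61.0 (GA)"),
    ],
    "loadmaster-mt": [
        (None, "7.1.35.12", "7.1.35.13 (GA)"),
    ],
}

def triage(product, version):
    """Return ('affected', remediation) or ('not listed', None)."""
    v = parse(version)
    for low, high, fix in AFFECTED[product]:
        if (low is None or parse(low) <= v) and v <= parse(high):
            return ("affected", fix)
    return ("not listed", None)

def review(inventory):
    """Map host -> triage result; unparseable entries are flagged, not skipped."""
    report = {}
    for host, product, version in inventory:
        try:
            report[host] = triage(product, version)
        except (ValueError, KeyError):
            report[host] = ("check manually", None)
    return report

# Constructed inventory: (host, product, reported firmware version)
INVENTORY = [
    ("lb-edge-01", "loadmaster", "7.2.60.1"),
    ("lb-edge-02", "loadmaster", "7.2.48.9"),   # a string compare would rank this above 7.2.48.12
    ("lb-core-01", "loadmaster", "7.2.54.13"),
    ("lb-mt-01", "loadmaster-mt", "7.1.35.12"),
    ("lb-lab-01", "loadmaster", "unknown"),
]

if __name__ == "__main__":
    for host, (status, fix) in review(INVENTORY).items():
        print(f"{host:12} {status:15} {fix or ''}")
```

A result of "not listed" means only that the version falls outside the ranges given on this page; confirm it against the vendor advisory before treating the device as patched.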
Is the Vulnerability Exploited in the Wild?
Progress Software noted that it has no evidence that any of the aforementioned vulnerabilities have been exploited in the wild. However, because threat actors have weaponized previously disclosed flaws in the past, it is essential that customers apply the latest patches for optimal protection.